Skip to main content

Using Checkmarx One CLI Variables

Many CLI values can be provided explicitly as CLI parameters, or via configuration variables or environment variables.

Variables Hierarchy

The following precedence is used when there is a conflict between the different provided values:

  1. CLI parameters always override configuration and environment variables.

  2. Configuration variables override environment variables.

  3. Environment variables.

Checkmarx One CLI Config and Environment Variables

The CLI tool provides the ability to permanently store CLI options in configuration files.

The configuration files are kept in the users home directory under a subdirectory named ($HOME/.checkmarx).

CLI Configuration Parameters

The following table contains all the values that can be stored in CLI configuration files:

Glossary
cx_apikey

An API Key to login to the Checkmarx One server.

cx_base_auth_uri

The URL of the Checkmarx One User Management server.

cx_base_uri

The URL of the Checkmarx One server.

cx_client_id

The client ID that is used for client authentication.

cx_client_secret

The client secret that is used for client authentication.

cx_http_proxy

An alternative method for specifying an optional proxy server. This enables users to designate a specialized proxy for use with Checkmarx One that doesn't affect the proxy used for other applications. When this is used it overrides the value of http_proxy.

cx_ignore_proxy

Set this environment variable as true in order to ignore any proxies configured in your system, so that all Checkmarx One CLI commands run directly from your local machine. Alternatively, this can be done by using the global flag --ignore-proxy.

cx_tenant

The customer's tenant name.

http_proxy

An optional proxy server configuration.

sca-resolver

The path to a correctly configured SCA resolver executable.

Configuration Flags

The following flags are used with the configure set command.

Notice

The --prop-name and --prop-value flags must be used with each configure set command.

Glossary
---help, -h

Help for the configure command.

--prop-name <string>

Name of property set.

--prop-value <string>

Value of property set.

Below are several examples for the CLI Configuration usage:

./cx configure set --prop-name cx_base_uri --prop-value "http://<AST-server>[:<port>]"
./cx configure set --prop-name cx_base_auth_uri --prop-value <AST User Management URI>
./cx configure set --prop-name cx_client_id --prop-value <Client ID>
./cx configure set --prop-name cx_client_secret --prop-value <Client Secret>
./cx configure set --prop-name http_proxy --prop-value <Proxy server>
./cx configure set --prop-name cx_apikey --prop-value <apikey>
./cx configure set --prop-name cx_tenant --prop-value <Tenant name>

Configuration Profiles

The --profile option (CLI parameter) provides a powerful tool to quickly switch between different sets of configurations.

The user can add a profile name to any CLI command and it utilizes the corresponding profile settings.

The following example sets up a profile named test and calls a CLI command to utilize it.

# Create the "test" profile
./cx configure set --prop-name cx_base_uri --prop-value "http://Checkmarx One-server" --profile test

# Use the "test" profile to retrieve the scan list
./cx scan list --profile test

# The below command uses the default profile (not the "test" profile)
./cx scan list

The configure command supports an interactive mode that prompts for the following settings:

  • Checkmarx One Base-URI

  • Checkmarx One Base Auth URI

  • Checkmarx One Tenant

  • Option to select API Key authentication or Client ID/Secret

  • Set one of the following:

    • API Key authentication

    • Checkmarx One Client ID / Checkmarx One Client Secret

For example:

user@laptop:/ast$ ./cx.exe configure
Setup guide: https://checkmarx.atlassian.net/wiki/x/mIKctw

Checkmarx One Base URI [https://ast.checkmarx.net/]: https://ast.checkmarx.net/
Checkmarx One Base Auth URI (IAM) [https://iam.checkmarx.net/]: https://iam.checkmarx.net/
Checkmarx One Tenant [mytenant]: mytenant
Do you want to use API Key authentication? (Y/N): N
Checkmarx One Client ID []: myclientId
Client Secret []: myclientSecret

Notice

If the CLI has previously stored values to the above parameters, they will be presented when using the configure command.

To keep the existing values, press Enter.

Environment Variables

The CLI tool supports several Environment Variables.

The below table includes all the Environment Variables that can be configured using the CLI tool.

Note

The Environment Variables configuration is valid per shell session.

This means that if Environment Variables were configured, but the CLI/CMD windows are closed, the configured Environment Variables will not be saved.

To use them again, you will need to configure them once again in a new shell session.

Glossary
CX_APIKEY

The API key to login to Checkmarx One with.

CX_BASE_IAM_URI

The URL of the Checkmarx One User Management server. This is optional and only required when using a different instance than the Checkmarx One's built in one.

CX_BASE_URI

The URL of the Checkmarx One server.

CX_CLIENT_ID

The client ID that is used for client authentication.

CX_CLIENT_SECRET

The client secret that is used for client authentication.

CX_HTTP_PROXY

An alternative method for specifying an optional proxy server. This enables users to designate a specialized proxy for use with Checkmarx One that doesn't affect the proxy used for other applications. When this is used it overrides the value of HTTP_PROXY.

CX_TENANT

The tenant that is used for client authentication.

HTTP_PROXY

Triggers the CLI to use a proxy server.

Setting Environment Variables

Linux/MAC

To set an Environment Variable on Linux/MAC operating systems, use the export command.

For example:

# Configure the CX_BASE_URI as an environment variable
export CX_BASE_URI=https://<URL of the Checkmarx One server>

# Configure the CX_APIKEY as an environment variable
export CX_APIKEY=<APIKEY>

Windows

To set an Environment Variable on Windows operating systems, use the setx command.

For example:

# Configure the CX_BASE_URI as an environment variable
setx CX_BASE_URI https://<URL of the Checkmarx One server>

# Configure the CX_TOKEN as an environment variable
setx CX_APIKEY <APIKEY>